 <?php
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// post back to PayPal system to validate
$ppCurl = curl_init(); // initialize curl handle
curl_setopt($ppCurl, CURLOPT_POST, true); // set POST method
curl_setopt($ppCurl, CURLOPT_URL, "http://www.sandbox.paypal.com/cgi-bin/webscr"); // set url
curl_setopt($ppCurl, CURLOPT_POSTFIELDS, $req); // fields to POST
curl_setopt($ppCurl, CURLOPT_RETURNTRANSFER, true); // return var
curl_setopt($ppCurl, CURLOPT_TIMEOUT, 4); // time out after 5 secs
curl_setopt($ppCurl, CURLOPT_FAILONERROR, true);
curl_setopt($ppCurl, CURLOPT_FOLLOWLOCATION, true); // allow redirects
curl_setopt($ppCurl, CURLOPT_FRESH_CONNECT, true); // no caching
$result = curl_exec($ppCurl); // engage!

$curlErrorNum = curl_errno($ppCurl); // save error code; 0=none
$curlErrorText = curl_error($ppCurl); // save error message; ""=none
curl_close($ppCurl);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];

if ($curlErrorNum != 0) {
// CURL error

} else if ($result == "VERIFIED") {
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment


} else if ($result == "INVALID") {
// handle false claim

}

?>